mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 08:42:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1288 from Mbed-TLS/mbedtls-3.6.1_mergeback

Browse Source 
Mbedtls 3.6.1 mergeback
This commit is contained in:
David Horstmann 2024-08-30 13:38:02 +01:00 committed by GitHub
commit aae8011eb0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
45 changed files with 954 additions and 721 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
BRANCHES.md
View File

@ -107,9 +107,9 @@ The following branches are currently maintained:
- [`development`](https://github.com/Mbed-TLS/mbedtls/) - [`development`](https://github.com/Mbed-TLS/mbedtls/)
- [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6) - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6)
maintained until March 2027, see maintained until March 2027, see
<https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0>. <https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.1>.
- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28) - [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
maintained until the end of 2024, see maintained until the end of 2024, see
<https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8>. <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.9>.
Users are urged to always use the latest version of a maintained branch. Users are urged to always use the latest version of a maintained branch.

6
CMakeLists.txt
View File

@ -40,12 +40,12 @@ cmake_policy(SET CMP0012 NEW)
if(TEST_CPP) if(TEST_CPP)
project("Mbed TLS" project("Mbed TLS"
LANGUAGES C CXX LANGUAGES C CXX
VERSION 3.6.0 VERSION 3.6.1
) )
else() else()
project("Mbed TLS" project("Mbed TLS"
LANGUAGES C LANGUAGES C
VERSION 3.6.0 VERSION 3.6.1
) )
endif() endif()
@ -449,7 +449,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
write_basic_package_version_file( write_basic_package_version_file(
"cmake/MbedTLSConfigVersion.cmake" "cmake/MbedTLSConfigVersion.cmake"
COMPATIBILITY SameMajorVersion COMPATIBILITY SameMajorVersion
VERSION 3.6.0) VERSION 3.6.1)
install( install(
FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"

183
ChangeLog
View File

@ -1,5 +1,188 @@
Mbed TLS ChangeLog (Sorted per branch, date) Mbed TLS ChangeLog (Sorted per branch, date)
= Mbed TLS 3.6.1 branch released 2024-08-30
API changes
* The experimental functions psa_generate_key_ext() and
psa_key_derivation_output_key_ext() are no longer declared when compiling
in C++. This resolves a build failure under C++ compilers that do not
support flexible array members (a C99 feature not adopted by C++).
Fixes #9020.
Default behavior changes
* In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
!MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
corresponding PSA mechanism is enabled, since the server provides the
crypto. Fixes #9126.
* A TLS handshake may now call psa_crypto_init() if TLS 1.3 is enabled.
This can happen even if TLS 1.3 is offered but eventually not selected
in the protocol version negotiation.
* By default, the handling of TLS 1.3 tickets by the Mbed TLS client is now
disabled at runtime. Applications that were using TLS 1.3 tickets
signalled by MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return values now
need to enable the handling of TLS 1.3 tickets through the new
mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() API.
New deprecations
* The experimental functions psa_generate_key_ext() and
psa_key_derivation_output_key_ext() are deprecated in favor of
psa_generate_key_custom() and psa_key_derivation_output_key_custom().
They have almost exactly the same interface, but the variable-length
data is passed in a separate parameter instead of a flexible array
member.
* The following cryptographic mechanisms are planned to be removed
in Mbed TLS 4.0:
- DES (including 3DES).
- PKCS#1v1.5 encryption/decryption (RSAES-PKCS1-v1_5).
(OAEP, PSS, and PKCS#1v1.5 signature are staying.)
- Finite-field Diffie-Hellman with custom groups.
(RFC 7919 groups remain supported.)
- Elliptic curves of size 225 bits or less.
* The following cipher suites are planned to be removed from (D)TLS 1.2
in Mbed TLS 4.0:
- TLS_RSA_* (including TLS_RSA_PSK_*), i.e. cipher suites using
RSA decryption.
(RSA signatures, i.e. TLS_ECDHE_RSA_*, are staying.)
- TLS_ECDH_*, i.e. cipher suites using static ECDH.
(Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.)
- TLS_DHE_*, i.e. cipher suites using finite-field Diffie-Hellman.
(Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.)
- TLS_*CBC*, i.e. all cipher suites using CBC.
* The following low-level application interfaces are planned to be removed
from the public API in Mbed TLS 4.0:
- Hashes: hkdf.h, md5.h, ripemd160.h, sha1.h, sha3.h, sha256.h, sha512.h;
- Random generation: ctr_drbg.h, hmac_drbg.h, entropy.h;
- Ciphers and modes: aes.h, aria.h, camellia.h, chacha20.h, chachapoly.h,
cipher.h, cmac.h, gcm.h, poly1305.h;
- Private key encryption mechanisms: pkcs5.h, pkcs12.h.
- Asymmetric cryptography: bignum.h, dhm.h, ecdh.h, ecdsa.h, ecjpake.h,
ecp.h, rsa.h.
The cryptographic mechanisms remain present, but they will only be
accessible via the PSA API (psa_xxx functions introduced gradually
starting with Mbed TLS 2.17) and, where relevant, `pk.h`.
For guidance on migrating application code to the PSA API, please consult
the PSA transition guide (docs/psa-transition.md).
* The following integration interfaces are planned to be removed
in Mbed TLS 4.0:
- MBEDTLS_xxx_ALT replacement of cryptographic modules and functions.
Use PSA transparent drivers instead.
- MBEDTLS_PK_RSA_ALT and MBEDTLS_PSA_CRYPTO_SE_C.
Use PSA opaque drivers instead.
Features
* When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
the number of volatile PSA keys is virtually unlimited, at the expense
of increased code size. This option is off by default, but enabled in
the default mbedtls_config.h. Fixes #9216.
Security
* Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
CVE-2024-45157
* Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
largest supported curve. In some configurations with PSA disabled,
all values of bits are affected. This never happens in internal library
calls, but can affect applications that call these functions directly.
CVE-2024-45158
* With TLS 1.3, when a server enables optional authentication of the
client, if the client-provided certificate does not have appropriate values
in keyUsage or extKeyUsage extensions, then the return value of
mbedtls_ssl_get_verify_result() would incorrectly have the
MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits
clear. As a result, an attacker that had a certificate valid for uses other
than TLS client authentication could be able to use it for TLS client
authentication anyway. Only TLS 1.3 servers were affected, and only with
optional authentication (required would abort the handshake with a fatal
alert).
CVE-2024-45159
Bugfix
* Fix TLS 1.3 client build and runtime when support for session tickets is
disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.
* Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
* MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.
* Fix undefined behaviour (incrementing a NULL pointer by zero length) when
passing in zero length additional data to multipart AEAD.
* Fix rare concurrent access bug where attempting to operate on a
non-existent key while concurrently creating a new key could potentially
corrupt the key store.
* Fix error handling when creating a key in a dynamic secure element
(feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
the creation could return PSA_SUCCESS but using or destroying the key
would not work. Fixes #8537.
* Fix issue of redefinition warning messages for _GNU_SOURCE in
entropy_poll.c and sha_256.c. There was a build warning during
building for linux platform.
Resolves #9026
* Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.
* Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
CMAC is enabled, but no built-in unauthenticated cipher is enabled.
Fixes #9209.
* Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
Fixes #9029.
* Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
long. Credit to Cryptofuzz. Fixes #9314.
* Fix interference between PSA volatile keys and built-in keys
when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.
* Document and enforce the limitation of mbedtls_psa_register_se_key()
to persistent keys. Resolves #9253.
* Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188.
* Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.
* When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
some code was defining 0-size arrays, resulting in compilation errors.
Fixed by disabling the offending code in configurations without PSA
Crypto, where it never worked. Fixes #9311.
* Fix unintended performance regression when using short RSA public keys.
Fixes #9232.
* Fixes an issue where some TLS 1.2 clients could not connect to an
Mbed TLS 3.6.0 server, due to incorrect handling of
legacy_compression_methods in the ClientHello.
Fixes #8995, #9243.
* Fix TLS connections failing when the handshake selects TLS 1.3
in an application that does not call psa_crypto_init().
Fixes #9072.
* Fix TLS connection failure in applications using an Mbed TLS client in
the default configuration connecting to a TLS 1.3 server sending tickets.
See the documentation of
mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() for more
information.
Fixes #8749.
* Fix a memory leak that could occur when failing to process an RSA
key through some PSA functions due to low memory conditions.
* Fixed a regression introduced in 3.6.0 where the CA callback set with
mbedtls_ssl_conf_ca_cb() would stop working when connections were
upgraded to TLS 1.3. Fixed by adding support for the CA callback with TLS
1.3.
* Fixed a regression introduced in 3.6.0 where clients that relied on
optional/none authentication mode, by calling mbedtls_ssl_conf_authmode()
with MBEDTLS_SSL_VERIFY_OPTIONAL or MBEDTLS_SSL_VERIFY_NONE, would stop
working when connections were upgraded to TLS 1.3. Fixed by adding
support for optional/none with TLS 1.3 as well. Note that the TLS 1.3
standard makes server authentication mandatory; users are advised not to
use authmode none, and to carefully check the results when using optional
mode.
* Fixed a regression introduced in 3.6.0 where context-specific certificate
verify callbacks, set with mbedtls_ssl_set_verify() as opposed to
mbedtls_ssl_conf_verify(), would stop working when connections were
upgraded to TLS 1.3. Fixed by adding support for context-specific verify
callback in TLS 1.3.
Changes
* Warn if mbedtls/check_config.h is included manually, as this can
lead to spurious errors. Error if a *adjust*.h header is included
manually, as this can lead to silently inconsistent configurations,
potentially resulting in buffer overflows.
When migrating from Mbed TLS 2.x, if you had a custom config.h that
included check_config.h, remove this inclusion from the Mbed TLS 3.x
configuration file (renamed to mbedtls_config.h). This change was made
in Mbed TLS 3.0, but was not announced in a changelog entry at the time.
= Mbed TLS 3.6.0 branch released 2024-03-28 = Mbed TLS 3.6.0 branch released 2024-03-28
API changes API changes

5
ChangeLog.d/9126.txt
View File

@ -1,5 +0,0 @@
Default behavior changes
* In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
!MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
corresponding PSA mechanism is enabled, since the server provides the
crypto. Fixes #9126.

39
ChangeLog.d/announce-4.0-removals.txt
View File

@ -1,39 +0,0 @@
New deprecations
* The following cryptographic mechanisms are planned to be removed
in Mbed TLS 4.0:
- DES (including 3DES).
- PKCS#1v1.5 encryption/decryption (RSAES-PKCS1-v1_5).
(OAEP, PSS, and PKCS#1v1.5 signature are staying.)
- Finite-field Diffie-Hellman with custom groups.
(RFC 7919 groups remain supported.)
- Elliptic curves of size 225 bits or less.
* The following cipher suites are planned to be removed from (D)TLS 1.2
in Mbed TLS 4.0:
- TLS_RSA_* (including TLS_RSA_PSK_*), i.e. cipher suites using
RSA decryption.
(RSA signatures, i.e. TLS_ECDHE_RSA_*, are staying.)
- TLS_ECDH_*, i.e. cipher suites using static ECDH.
(Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.)
- TLS_DHE_*, i.e. cipher suites using finite-field Diffie-Hellman.
(Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.)
- TLS_*CBC*, i.e. all cipher suites using CBC.
* The following low-level application interfaces are planned to be removed
from the public API in Mbed TLS 4.0:
- Hashes: hkdf.h, md5.h, ripemd160.h, sha1.h, sha3.h, sha256.h, sha512.h;
- Random generation: ctr_drbg.h, hmac_drbg.h, entropy.h;
- Ciphers and modes: aes.h, aria.h, camellia.h, chacha20.h, chachapoly.h,
cipher.h, cmac.h, gcm.h, poly1305.h;
- Private key encryption mechanisms: pkcs5.h, pkcs12.h.
- Asymmetric cryptography: bignum.h, dhm.h, ecdh.h, ecdsa.h, ecjpake.h,
ecp.h, rsa.h.
The cryptographic mechanisms remain present, but they will only be
accessible via the PSA API (psa_xxx functions introduced gradually
starting with Mbed TLS 2.17) and, where relevant, `pk.h`.
For guidance on migrating application code to the PSA API, please consult
the PSA transition guide (docs/psa-transition.md).
* The following integration interfaces are planned to be removed
in Mbed TLS 4.0:
- MBEDTLS_xxx_ALT replacement of cryptographic modules and functions.
Use PSA transparent drivers instead.
- MBEDTLS_PK_RSA_ALT and MBEDTLS_PSA_CRYPTO_SE_C.
Use PSA opaque drivers instead.

3
ChangeLog.d/asn1-missing-guard-in-rsa.txt
View File

@ -1,3 +0,0 @@
Bugfix
* MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.

9
ChangeLog.d/check-config.txt
View File

@ -1,9 +0,0 @@
Changes
* Warn if mbedtls/check_config.h is included manually, as this can
lead to spurious errors. Error if a *adjust*.h header is included
manually, as this can lead to silently inconsistent configurations,
potentially resulting in buffer overflows.
When migrating from Mbed TLS 2.x, if you had a custom config.h that
included check_config.h, remove this inclusion from the Mbed TLS 3.x
configuration file (renamed to mbedtls_config.h). This change was made
in Mbed TLS 3.0, but was not announced in a changelog entry at the time.

14
ChangeLog.d/disable-new-session-tickets.txt
View File

@ -1,14 +0,0 @@
Bugfix
* Fix TLS connection failure in applications using an Mbed TLS client in
the default configuration connecting to a TLS 1.3 server sending tickets.
See the documentation of
mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() for more
information.
Fixes #8749.
Changes
* By default, the handling of TLS 1.3 tickets by the Mbed TLS client is now
disabled at runtime. Applications that were using TLS 1.3 tickets
signalled by MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return values now
need to enable the handling of TLS 1.3 tickets through the new
mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets() API.

10
ChangeLog.d/dynamic-keystore.txt
View File

@ -1,10 +0,0 @@
Features
* When the new compilation option MBEDTLS_PSA_KEY_STORE_DYNAMIC is enabled,
the number of volatile PSA keys is virtually unlimited, at the expense
of increased code size. This option is off by default, but enabled in
the default mbedtls_config.h. Fixes #9216.
Bugfix
* Fix interference between PSA volatile keys and built-in keys
when MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled and
MBEDTLS_PSA_KEY_SLOT_COUNT is more than 4096.

3
ChangeLog.d/fix-clang-psa-build-without-dhm.txt
View File

@ -1,3 +0,0 @@
Bugfix
* Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188.

2
ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
View File

@ -1,2 +0,0 @@
Bugfix
* Fix compilation error when memcpy() is a function-like macros. Fixes #8994.

4
ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt
View File

@ -1,4 +0,0 @@
Bugfix
* Fix rare concurrent access bug where attempting to operate on a
non-existent key while concurrently creating a new key could potentially
corrupt the key store.

6
ChangeLog.d/fix-legacy-compression-issue.txt
View File

@ -1,6 +0,0 @@
Bugfix
* Fixes an issue where some TLS 1.2 clients could not connect to an
Mbed TLS 3.6.0 server, due to incorrect handling of
legacy_compression_methods in the ClientHello.
Fixes #8995, #9243.

4
ChangeLog.d/fix-psa-cmac.txt
View File

@ -1,4 +0,0 @@
Bugfix
* Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
CMAC is enabled, but no built-in unauthenticated cipher is enabled.
Fixes #9209.

5
ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt
View File

@ -1,5 +0,0 @@
Bugfix
* Fix issue of redefinition warning messages for _GNU_SOURCE in
entropy_poll.c and sha_256.c. There was a build warning during
building for linux platform.
Resolves #9026

3
ChangeLog.d/fix-rsa-performance-regression.txt
View File

@ -1,3 +0,0 @@
Bugfix
* Fix unintended performance regression when using short RSA public keys.
Fixes #9232.

5
ChangeLog.d/fix-secure-element-key-creation.txt
View File

@ -1,5 +0,0 @@
Bugfix
* Fix error handling when creating a key in a dynamic secure element
(feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
the creation could return PSA_SUCCESS but using or destroying the key
would not work. Fixes #8537.

3
ChangeLog.d/fix-server-mode-only-build.txt
View File

@ -1,3 +0,0 @@
Bugfix
* Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.

3
ChangeLog.d/fix-test-suite-pk-warnings.txt
View File

@ -1,3 +0,0 @@
Bugfix
* Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
Fixes #9029.

3
ChangeLog.d/fix_ubsan_mp_aead_gcm.txt
View File

@ -1,3 +0,0 @@
Bugfix
* Fix undefined behaviour (incrementing a NULL pointer by zero length) when
passing in zero length additional data to multipart AEAD.

3
ChangeLog.d/mbedtls_psa_register_se_key.txt
View File

@ -1,3 +0,0 @@
Bugfix
* Document and enforce the limitation of mbedtls_psa_register_se_key()
to persistent keys. Resolves #9253.

2
ChangeLog.d/pk-norsa-warning.txt
View File

@ -1,2 +0,0 @@
Bugfix
* Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.

3
ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
View File

@ -1,3 +0,0 @@
Bugfix
* Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
long. Credit to Cryptofuzz. Fixes #9314.

14
ChangeLog.d/psa_generate_key_custom.txt
View File

@ -1,14 +0,0 @@
API changes
* The experimental functions psa_generate_key_ext() and
psa_key_derivation_output_key_ext() are no longer declared when compiling
in C++. This resolves a build failure under C++ compilers that do not
support flexible array members (a C99 feature not adopted by C++).
Fixes #9020.
New deprecations
* The experimental functions psa_generate_key_ext() and
psa_key_derivation_output_key_ext() are deprecated in favor of
psa_generate_key_custom() and psa_key_derivation_output_key_custom().
They have almost exactly the same interface, but the variable-length
data is passed in a separate parameter instead of a flexible array
member.

5
ChangeLog.d/psa_util_in_builds_without_psa.txt
View File

@ -1,5 +0,0 @@
Bugfix
* When MBEDTLS_PSA_CRYPTO_C was disabled and MBEDTLS_ECDSA_C enabled,
some code was defining 0-size arrays, resulting in compilation errors.
Fixed by disabling the offending code in configurations without PSA
Crypto, where it never worked. Fixes #9311.

9
ChangeLog.d/tls13-psa_crypto_init.txt
View File

@ -1,9 +0,0 @@
Bugfix
* Fix TLS connections failing when the handshake selects TLS 1.3
in an application that does not call psa_crypto_init().
Fixes #9072.
Changes
* A TLS handshake may now call psa_crypto_init() if TLS 1.3 is enabled.
This can happen even if TLS 1.3 is offered but eventually not selected
in the protocol version negotiation.

3
ChangeLog.d/tls13-without-tickets.txt
View File

@ -1,3 +0,0 @@
Bugfix
* Fix TLS 1.3 client build and runtime when support for session tickets is
disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.

2
doxygen/input/doc_mainpage.h
View File

@ -10,7 +10,7 @@
*/ */
/** /**
* @mainpage Mbed TLS v3.6.0 API Documentation * @mainpage Mbed TLS v3.6.1 API Documentation
* *
* This documentation describes the internal structure of Mbed TLS. It was * This documentation describes the internal structure of Mbed TLS. It was
* automatically generated from specially formatted comment blocks in * automatically generated from specially formatted comment blocks in

2
doxygen/mbedtls.doxyfile
View File

@ -1,4 +1,4 @@
PROJECT_NAME = "Mbed TLS v3.6.0" PROJECT_NAME = "Mbed TLS v3.6.1"
OUTPUT_DIRECTORY = ../apidoc/ OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES OPTIMIZE_OUTPUT_FOR_C = YES

8
include/mbedtls/build_info.h
View File

@ -26,16 +26,16 @@
*/ */
#define MBEDTLS_VERSION_MAJOR 3 #define MBEDTLS_VERSION_MAJOR 3
#define MBEDTLS_VERSION_MINOR 6 #define MBEDTLS_VERSION_MINOR 6
#define MBEDTLS_VERSION_PATCH 0 #define MBEDTLS_VERSION_PATCH 1
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define MBEDTLS_VERSION_NUMBER 0x03060000 #define MBEDTLS_VERSION_NUMBER 0x03060100
#define MBEDTLS_VERSION_STRING "3.6.0" #define MBEDTLS_VERSION_STRING "3.6.1"
#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.0" #define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.1"
/* Macros for build-time platform detection */ /* Macros for build-time platform detection */

17
include/mbedtls/mbedtls_config.h
View File

@ -4034,11 +4034,18 @@
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
* PSA crypto subsystem. * PSA crypto subsystem.
* *
* If this option is unset: * If this option is unset, the library chooses a hash (currently between
* - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG. * #MBEDTLS_MD_SHA512 and #MBEDTLS_MD_SHA256) based on availability and
* - Otherwise, the PSA subsystem uses HMAC_DRBG with either * unspecified heuristics.
* #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and *
* on unspecified heuristics. * \note The PSA crypto subsystem uses the first available mechanism amongst
* the following:
* - #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG if enabled;
* - Entropy from #MBEDTLS_ENTROPY_C plus CTR_DRBG with AES
* if #MBEDTLS_CTR_DRBG_C is enabled;
* - Entropy from #MBEDTLS_ENTROPY_C plus HMAC_DRBG.
*
* A future version may reevaluate the prioritization of DRBG mechanisms.
*/ */
//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 //#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256

6
library/CMakeLists.txt
View File

@ -300,7 +300,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto}) add_library(${mbedcrypto_target} SHARED ${src_crypto})
set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.6.0 SOVERSION 16) set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.6.1 SOVERSION 16)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
if(TARGET ${everest_target}) if(TARGET ${everest_target})
@ -312,11 +312,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
endif() endif()
add_library(${mbedx509_target} SHARED ${src_x509}) add_library(${mbedx509_target} SHARED ${src_x509})
set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.6.0 SOVERSION 7) set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.6.1 SOVERSION 7)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls}) add_library(${mbedtls_target} SHARED ${src_tls})
set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.6.0 SOVERSION 21) set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.6.1 SOVERSION 21)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY) endif(USE_SHARED_MBEDTLS_LIBRARY)

17
library/psa_crypto_random_impl.h
View File

@ -21,13 +21,10 @@ typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t;
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
/* Choose a DRBG based on configuration and availability */ /* Choose a DRBG based on configuration and availability */
#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) #if defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/hmac_drbg.h"
#elif defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/ctr_drbg.h" #include "mbedtls/ctr_drbg.h"
#undef MBEDTLS_PSA_HMAC_DRBG_MD_TYPE
#elif defined(MBEDTLS_HMAC_DRBG_C) #elif defined(MBEDTLS_HMAC_DRBG_C)
@ -49,17 +46,11 @@ typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t;
#error "No hash algorithm available for HMAC_DBRG." #error "No hash algorithm available for HMAC_DBRG."
#endif #endif
#else /* !MBEDTLS_PSA_HMAC_DRBG_MD_TYPE && !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/ #else /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
#error "No DRBG module available for the psa_crypto module." #error "No DRBG module available for the psa_crypto module."
#endif /* !MBEDTLS_PSA_HMAC_DRBG_MD_TYPE && !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/ #endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/
#if defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/ctr_drbg.h"
#elif defined(MBEDTLS_HMAC_DRBG_C)
#include "mbedtls/hmac_drbg.h"
#endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C */
/* The maximum number of bytes that mbedtls_psa_get_random() is expected to return. */ /* The maximum number of bytes that mbedtls_psa_get_random() is expected to return. */
#if defined(MBEDTLS_CTR_DRBG_C) #if defined(MBEDTLS_CTR_DRBG_C)

17
library/psa_crypto_rsa.c
View File

@ -197,16 +197,14 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
status = mbedtls_psa_rsa_load_representation( status = mbedtls_psa_rsa_load_representation(
attributes->type, key_buffer, key_buffer_size, &rsa); attributes->type, key_buffer, key_buffer_size, &rsa);
if (status != PSA_SUCCESS) { if (status == PSA_SUCCESS) {
return status; status = mbedtls_psa_rsa_export_key(PSA_KEY_TYPE_RSA_PUBLIC_KEY,
rsa,
data,
data_size,
data_length);
} }
status = mbedtls_psa_rsa_export_key(PSA_KEY_TYPE_RSA_PUBLIC_KEY,
rsa,
data,
data_size,
data_length);
mbedtls_rsa_free(rsa); mbedtls_rsa_free(rsa);
mbedtls_free(rsa); mbedtls_free(rsa);
@ -264,6 +262,7 @@ psa_status_t mbedtls_psa_rsa_generate_key(
(unsigned int) attributes->bits, (unsigned int) attributes->bits,
exponent); exponent);
if (ret != 0) { if (ret != 0) {
mbedtls_rsa_free(&rsa);
return mbedtls_to_psa_error(ret); return mbedtls_to_psa_error(ret);
} }
@ -330,7 +329,7 @@ psa_status_t mbedtls_psa_rsa_sign_hash(
key_buffer_size, key_buffer_size,
&rsa); &rsa);
if (status != PSA_SUCCESS) { if (status != PSA_SUCCESS) {
return status; goto exit;
} }
status = psa_rsa_decode_md_type(alg, hash_length, &md_alg); status = psa_rsa_decode_md_type(alg, hash_length, &md_alg);

6
library/psa_util.c
View File

@ -443,6 +443,9 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l
if (raw_len != (2 * coordinate_len)) { if (raw_len != (2 * coordinate_len)) {
return MBEDTLS_ERR_ASN1_INVALID_DATA; return MBEDTLS_ERR_ASN1_INVALID_DATA;
} }
if (coordinate_len > sizeof(r)) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
/* Since raw and der buffers might overlap, dump r and s before starting /* Since raw and der buffers might overlap, dump r and s before starting
* the conversion. */ * the conversion. */
@ -561,6 +564,9 @@ int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_l
if (raw_size < coordinate_size * 2) { if (raw_size < coordinate_size * 2) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
} }
if (2 * coordinate_size > sizeof(raw_tmp)) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
/* Check that the provided input DER buffer has the right header. */ /* Check that the provided input DER buffer has the right header. */
ret = mbedtls_asn1_get_tag(&p, der + der_len, &data_len, ret = mbedtls_asn1_get_tag(&p, der + der_len, &data_len,

45
library/ssl_misc.h
View File

@ -1674,18 +1674,53 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
} }
/* /*
* Check usage of a certificate wrt extensions: * Verify a certificate.
* keyUsage, extendedKeyUsage (later), and nSCertType (later).
* *
* Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we * [in/out] ssl: misc. things read
* check a cert we received from them)! * ssl->session_negotiate->verify_result updated
* [in] authmode: one of MBEDTLS_SSL_VERIFY_{NONE,OPTIONAL,REQUIRED}
* [in] chain: the certificate chain to verify (ie the peer's chain)
* [in] ciphersuite_info: For TLS 1.2, this session's ciphersuite;
* for TLS 1.3, may be left NULL.
* [in] rs_ctx: restart context if restartable ECC is in use;
* leave NULL for no restartable behaviour.
*
* Return:
* - 0 if the handshake should continue. Depending on the
* authmode it means:
* - REQUIRED: the certificate was found to be valid, trusted & acceptable.
* ssl->session_negotiate->verify_result is 0.
* - OPTIONAL: the certificate may or may not be acceptable, but
* ssl->session_negotiate->verify_result was updated with the result.
* - NONE: the certificate wasn't even checked.
* - MBEDTLS_ERR_X509_CERT_VERIFY_FAILED or MBEDTLS_ERR_SSL_BAD_CERTIFICATE if
* the certificate was found to be invalid/untrusted/unacceptable and the
* handshake should be aborted (can only happen with REQUIRED).
* - another error code if another error happened (out-of-memory, etc.)
*/
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
int authmode,
mbedtls_x509_crt *chain,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info,
void *rs_ctx);
/*
* Check usage of a certificate wrt usage extensions:
* keyUsage and extendedKeyUsage.
* (Note: nSCertType is deprecated and not standard, we don't check it.)
*
* Note: if tls_version is 1.3, ciphersuite is ignored and can be NULL.
*
* Note: recv_endpoint is the receiver's endpoint.
* *
* Return 0 if everything is OK, -1 if not. * Return 0 if everything is OK, -1 if not.
*/ */
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
const mbedtls_ssl_ciphersuite_t *ciphersuite, const mbedtls_ssl_ciphersuite_t *ciphersuite,
int cert_endpoint, int recv_endpoint,
mbedtls_ssl_protocol_version tls_version,
uint32_t *flags); uint32_t *flags);
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */

554
library/ssl_tls.c
View File

@ -1354,29 +1354,6 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl)
return ret; return ret;
} }
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* RFC 8446 section 4.4.3
*
* If the verification fails, the receiver MUST terminate the handshake with
* a "decrypt_error" alert.
*
* If the client is configured as TLS 1.3 only with optional verify, return
* bad config.
*
*/
if (mbedtls_ssl_conf_tls13_is_ephemeral_enabled(
(mbedtls_ssl_context *) ssl) &&
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
ssl->conf->max_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
ssl->conf->min_tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
ssl->conf->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("Optional verify auth mode "
"is not available for TLS 1.3 client"));
return MBEDTLS_ERR_SSL_BAD_CONFIG;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
if (ssl->conf->f_rng == NULL) { if (ssl->conf->f_rng == NULL) {
MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
return MBEDTLS_ERR_SSL_NO_RNG; return MBEDTLS_ERR_SSL_NO_RNG;
@ -6397,71 +6374,6 @@ const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id)
} }
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
const mbedtls_ssl_ciphersuite_t *ciphersuite,
int cert_endpoint,
uint32_t *flags)
{
int ret = 0;
unsigned int usage = 0;
const char *ext_oid;
size_t ext_len;
if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) {
/* Server part of the key exchange */
switch (ciphersuite->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
break;
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
break;
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
break;
/* Don't use default: we want warnings when adding new values */
case MBEDTLS_KEY_EXCHANGE_NONE:
case MBEDTLS_KEY_EXCHANGE_PSK:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
usage = 0;
}
} else {
/* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */
usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
}
if (mbedtls_x509_crt_check_key_usage(cert, usage) != 0) {
*flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
ret = -1;
}
if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) {
ext_oid = MBEDTLS_OID_SERVER_AUTH;
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
} else {
ext_oid = MBEDTLS_OID_CLIENT_AUTH;
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH);
}
if (mbedtls_x509_crt_check_extended_key_usage(cert, ext_oid, ext_len) != 0) {
*flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
ret = -1;
}
return ret;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md, const mbedtls_md_type_t md,
@ -7980,196 +7892,6 @@ static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl,
return SSL_CERTIFICATE_EXPECTED; return SSL_CERTIFICATE_EXPECTED;
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
int authmode,
mbedtls_x509_crt *chain,
void *rs_ctx)
{
int ret = 0;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info;
int have_ca_chain = 0;
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy;
if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
return 0;
}
if (ssl->f_vrfy != NULL) {
MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback"));
f_vrfy = ssl->f_vrfy;
p_vrfy = ssl->p_vrfy;
} else {
MBEDTLS_SSL_DEBUG_MSG(3, ("Use configuration-specific verification callback"));
f_vrfy = ssl->conf->f_vrfy;
p_vrfy = ssl->conf->p_vrfy;
}
/*
* Main check: verify certificate
*/
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
if (ssl->conf->f_ca_cb != NULL) {
((void) rs_ctx);
have_ca_chain = 1;
MBEDTLS_SSL_DEBUG_MSG(3, ("use CA callback for X.509 CRT verification"));
ret = mbedtls_x509_crt_verify_with_ca_cb(
chain,
ssl->conf->f_ca_cb,
ssl->conf->p_ca_cb,
ssl->conf->cert_profile,
ssl->hostname,
&ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy);
} else
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
{
mbedtls_x509_crt *ca_chain;
mbedtls_x509_crl *ca_crl;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if (ssl->handshake->sni_ca_chain != NULL) {
ca_chain = ssl->handshake->sni_ca_chain;
ca_crl = ssl->handshake->sni_ca_crl;
} else
#endif
{
ca_chain = ssl->conf->ca_chain;
ca_crl = ssl->conf->ca_crl;
}
if (ca_chain != NULL) {
have_ca_chain = 1;
}
ret = mbedtls_x509_crt_verify_restartable(
chain,
ca_chain, ca_crl,
ssl->conf->cert_profile,
ssl->hostname,
&ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy, rs_ctx);
}
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "x509_verify_cert", ret);
}
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
return MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
}
#endif
/*
* Secondary checks: always done, but change 'ret' only if it was 0
*/
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
{
const mbedtls_pk_context *pk = &chain->pk;
/* If certificate uses an EC key, make sure the curve is OK.
* This is a public key, so it can't be opaque, so can_do() is a good
* enough check to ensure pk_ec() is safe to use here. */
if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) {
/* and in the unlikely case the above assumption no longer holds
* we are making sure that pk_ec() here does not return a NULL
*/
mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(pk);
if (grp_id == MBEDTLS_ECP_DP_NONE) {
MBEDTLS_SSL_DEBUG_MSG(1, ("invalid group ID"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
ssl->session_negotiate->verify_result |=
MBEDTLS_X509_BADCERT_BAD_KEY;
MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)"));
if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
}
}
}
}
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
if (mbedtls_ssl_check_cert_usage(chain,
ciphersuite_info,
!ssl->conf->endpoint,
&ssl->session_negotiate->verify_result) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
}
}
/* mbedtls_x509_crt_verify_with_profile is supposed to report a
* verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED,
* with details encoded in the verification flags. All other kinds
* of error codes, including those from the user provided f_vrfy
* functions, are treated as fatal and lead to a failure of
* ssl_parse_certificate even if verification was optional. */
if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
(ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE)) {
ret = 0;
}
if (have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
MBEDTLS_SSL_DEBUG_MSG(1, ("got no CA chain"));
ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
}
if (ret != 0) {
uint8_t alert;
/* The certificate may have been rejected for several reasons.
Pick one and send the corresponding alert. Which alert to send
may be a subject of debate in some cases. */
if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER) {
alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) {
alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED) {
alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED) {
alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA;
} else {
alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN;
}
mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
alert);
}
#if defined(MBEDTLS_DEBUG_C)
if (ssl->session_negotiate->verify_result != 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("! Certificate verification flags %08x",
(unsigned int) ssl->session_negotiate->verify_result));
} else {
MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate verification flags clear"));
}
#endif /* MBEDTLS_DEBUG_C */
return ret;
}
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_remember_peer_crt_digest(mbedtls_ssl_context *ssl, static int ssl_remember_peer_crt_digest(mbedtls_ssl_context *ssl,
@ -8226,6 +7948,7 @@ int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl)
{ {
int ret = 0; int ret = 0;
int crt_expected; int crt_expected;
/* Authmode: precedence order is SNI if used else configuration */
#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
? ssl->handshake->sni_authmode ? ssl->handshake->sni_authmode
@ -8305,8 +8028,9 @@ crt_verify:
} }
#endif #endif
ret = ssl_parse_certificate_verify(ssl, authmode, ret = mbedtls_ssl_verify_certificate(ssl, authmode, chain,
chain, rs_ctx); ssl->handshake->ciphersuite_info,
rs_ctx);
if (ret != 0) { if (ret != 0) {
goto exit; goto exit;
} }
@ -9972,4 +9696,274 @@ int mbedtls_ssl_session_set_ticket_alpn(mbedtls_ssl_session *session,
return 0; return 0;
} }
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_ALPN */
/*
* The following functions are used by 1.2 and 1.3, client and server.
*/
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
const mbedtls_ssl_ciphersuite_t *ciphersuite,
int recv_endpoint,
mbedtls_ssl_protocol_version tls_version,
uint32_t *flags)
{
int ret = 0;
unsigned int usage = 0;
const char *ext_oid;
size_t ext_len;
/*
* keyUsage
*/
/* Note: don't guard this with MBEDTLS_SSL_CLI_C because the server wants
* to check what a compliant client will think while choosing which cert
* to send to the client. */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
recv_endpoint == MBEDTLS_SSL_IS_CLIENT) {
/* TLS 1.2 server part of the key exchange */
switch (ciphersuite->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
break;
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
break;
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
break;
/* Don't use default: we want warnings when adding new values */
case MBEDTLS_KEY_EXCHANGE_NONE:
case MBEDTLS_KEY_EXCHANGE_PSK:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
usage = 0;
}
} else
#endif
{
/* This is either TLS 1.3 authentication, which always uses signatures,
* or 1.2 client auth: rsa_sign and mbedtls_ecdsa_sign are the only
* options we implement, both using signatures. */
(void) tls_version;
(void) ciphersuite;
usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
}
if (mbedtls_x509_crt_check_key_usage(cert, usage) != 0) {
*flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
ret = -1;
}
/*
* extKeyUsage
*/
if (recv_endpoint == MBEDTLS_SSL_IS_CLIENT) {
ext_oid = MBEDTLS_OID_SERVER_AUTH;
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
} else {
ext_oid = MBEDTLS_OID_CLIENT_AUTH;
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH);
}
if (mbedtls_x509_crt_check_extended_key_usage(cert, ext_oid, ext_len) != 0) {
*flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
ret = -1;
}
return ret;
}
int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
int authmode,
mbedtls_x509_crt *chain,
const mbedtls_ssl_ciphersuite_t *ciphersuite_info,
void *rs_ctx)
{
if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
return 0;
}
/*
* Primary check: use the appropriate X.509 verification function
*/
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy;
if (ssl->f_vrfy != NULL) {
MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback"));
f_vrfy = ssl->f_vrfy;
p_vrfy = ssl->p_vrfy;
} else {
MBEDTLS_SSL_DEBUG_MSG(3, ("Use configuration-specific verification callback"));
f_vrfy = ssl->conf->f_vrfy;
p_vrfy = ssl->conf->p_vrfy;
}
int ret = 0;
int have_ca_chain_or_callback = 0;
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
if (ssl->conf->f_ca_cb != NULL) {
((void) rs_ctx);
have_ca_chain_or_callback = 1;
MBEDTLS_SSL_DEBUG_MSG(3, ("use CA callback for X.509 CRT verification"));
ret = mbedtls_x509_crt_verify_with_ca_cb(
chain,
ssl->conf->f_ca_cb,
ssl->conf->p_ca_cb,
ssl->conf->cert_profile,
ssl->hostname,
&ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy);
} else
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
{
mbedtls_x509_crt *ca_chain;
mbedtls_x509_crl *ca_crl;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if (ssl->handshake->sni_ca_chain != NULL) {
ca_chain = ssl->handshake->sni_ca_chain;
ca_crl = ssl->handshake->sni_ca_crl;
} else
#endif
{
ca_chain = ssl->conf->ca_chain;
ca_crl = ssl->conf->ca_crl;
}
if (ca_chain != NULL) {
have_ca_chain_or_callback = 1;
}
ret = mbedtls_x509_crt_verify_restartable(
chain,
ca_chain, ca_crl,
ssl->conf->cert_profile,
ssl->hostname,
&ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy, rs_ctx);
}
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "x509_verify_cert", ret);
}
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) {
return MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
}
#endif
/*
* Secondary checks: always done, but change 'ret' only if it was 0
*/
/* With TLS 1.2 and ECC certs, check that the curve used by the
* certificate is on our list of acceptable curves.
*
* With TLS 1.3 this is not needed because the curve is part of the
* signature algorithm (eg ecdsa_secp256r1_sha256) which is checked when
* we validate the signature made with the key associated to this cert.
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
mbedtls_pk_can_do(&chain->pk, MBEDTLS_PK_ECKEY)) {
if (mbedtls_ssl_check_curve(ssl, mbedtls_pk_get_ec_group_id(&chain->pk)) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)"));
ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY;
if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
}
}
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_PK_HAVE_ECC_KEYS */
/* Check X.509 usage extensions (keyUsage, extKeyUsage) */
if (mbedtls_ssl_check_cert_usage(chain,
ciphersuite_info,
ssl->conf->endpoint,
ssl->tls_version,
&ssl->session_negotiate->verify_result) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
}
}
/* With authmode optional, we want to keep going if the certificate was
* unacceptable, but still fail on other errors (out of memory etc),
* including fatal errors from the f_vrfy callback.
*
* The only acceptable errors are:
* - MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: cert rejected by primary check;
* - MBEDTLS_ERR_SSL_BAD_CERTIFICATE: cert rejected by secondary checks.
* Anything else is a fatal error. */
if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
(ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE)) {
ret = 0;
}
/* Return a specific error as this is a user error: inconsistent
* configuration - can't verify without trust anchors. */
if (have_ca_chain_or_callback == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
MBEDTLS_SSL_DEBUG_MSG(1, ("got no CA chain"));
ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
}
if (ret != 0) {
uint8_t alert;
/* The certificate may have been rejected for several reasons.
Pick one and send the corresponding alert. Which alert to send
may be a subject of debate in some cases. */
if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER) {
alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) {
alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY) {
alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED) {
alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED) {
alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED;
} else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA;
} else {
alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN;
}
mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
alert);
}
#if defined(MBEDTLS_DEBUG_C)
if (ssl->session_negotiate->verify_result != 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("! Certificate verification flags %08x",
(unsigned int) ssl->session_negotiate->verify_result));
} else {
MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate verification flags clear"));
}
#endif /* MBEDTLS_DEBUG_C */
return ret;
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#endif /* MBEDTLS_SSL_TLS_C */ #endif /* MBEDTLS_SSL_TLS_C */

4
library/ssl_tls12_server.c
View File

@ -756,7 +756,9 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl,
* and decrypting with the same RSA key. * and decrypting with the same RSA key.
*/ */
if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info, if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info,
MBEDTLS_SSL_IS_SERVER, &flags) != 0) { MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_VERSION_TLS1_2,
&flags) != 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: " MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: "
"(extended) key usage extension")); "(extended) key usage extension"));
continue; continue;

143
library/ssl_tls13_generic.c
View File

@ -480,6 +480,7 @@ int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl,
mbedtls_free(ssl->session_negotiate->peer_cert); mbedtls_free(ssl->session_negotiate->peer_cert);
} }
/* This is used by ssl_tls13_validate_certificate() */
if (certificate_list_len == 0) { if (certificate_list_len == 0) {
ssl->session_negotiate->peer_cert = NULL; ssl->session_negotiate->peer_cert = NULL;
ret = 0; ret = 0;
@ -635,25 +636,13 @@ int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl,
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl) static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
{ {
int ret = 0; /* Authmode: precedence order is SNI if used else configuration */
int authmode = MBEDTLS_SSL_VERIFY_REQUIRED; #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
mbedtls_x509_crt *ca_chain; const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET
mbedtls_x509_crl *ca_crl; ? ssl->handshake->sni_authmode
const char *ext_oid; : ssl->conf->authmode;
size_t ext_len; #else
uint32_t verify_result = 0; const int authmode = ssl->conf->authmode;
/* If SNI was used, overwrite authentication mode
* from the configuration. */
#if defined(MBEDTLS_SSL_SRV_C)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) {
authmode = ssl->handshake->sni_authmode;
} else
#endif
authmode = ssl->conf->authmode;
}
#endif #endif
/* /*
@ -685,6 +674,11 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
#endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
/* Regardless of authmode, the server is not allowed to send an empty
* certificate chain. (Last paragraph before 4.4.2.1 in RFC 8446: "The
* server's certificate_list MUST always be non-empty.") With authmode
* optional/none, we continue the handshake if we can't validate the
* server's cert, but we still break it if no certificate was sent. */
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_NO_CERT, MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_NO_CERT,
MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE); MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE);
@ -693,114 +687,9 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
#endif /* MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_CLI_C */
} }
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) return mbedtls_ssl_verify_certificate(ssl, authmode,
if (ssl->handshake->sni_ca_chain != NULL) { ssl->session_negotiate->peer_cert,
ca_chain = ssl->handshake->sni_ca_chain; NULL, NULL);
ca_crl = ssl->handshake->sni_ca_crl;
} else
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
{
ca_chain = ssl->conf->ca_chain;
ca_crl = ssl->conf->ca_crl;
}
/*
* Main check: verify certificate
*/
ret = mbedtls_x509_crt_verify_with_profile(
ssl->session_negotiate->peer_cert,
ca_chain, ca_crl,
ssl->conf->cert_profile,
ssl->hostname,
&verify_result,
ssl->conf->f_vrfy, ssl->conf->p_vrfy);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "x509_verify_cert", ret);
}
/*
* Secondary checks: always done, but change 'ret' only if it was 0
*/
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
ext_oid = MBEDTLS_OID_SERVER_AUTH;
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
} else {
ext_oid = MBEDTLS_OID_CLIENT_AUTH;
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH);
}
if ((mbedtls_x509_crt_check_key_usage(
ssl->session_negotiate->peer_cert,
MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0) ||
(mbedtls_x509_crt_check_extended_key_usage(
ssl->session_negotiate->peer_cert,
ext_oid, ext_len) != 0)) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
}
}
/* mbedtls_x509_crt_verify_with_profile is supposed to report a
* verification failure through MBEDTLS_ERR_X509_CERT_VERIFY_FAILED,
* with details encoded in the verification flags. All other kinds
* of error codes, including those from the user provided f_vrfy
* functions, are treated as fatal and lead to a failure of
* mbedtls_ssl_tls13_parse_certificate even if verification was optional.
*/
if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
(ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE)) {
ret = 0;
}
if (ca_chain == NULL && authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
MBEDTLS_SSL_DEBUG_MSG(1, ("got no CA chain"));
ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED;
}
if (ret != 0) {
/* The certificate may have been rejected for several reasons.
Pick one and send the corresponding alert. Which alert to send
may be a subject of debate in some cases. */
if (verify_result & MBEDTLS_X509_BADCERT_OTHER) {
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret);
} else if (verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) {
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_BAD_CERT, ret);
} else if (verify_result & (MBEDTLS_X509_BADCERT_KEY_USAGE |
MBEDTLS_X509_BADCERT_EXT_KEY_USAGE |
MBEDTLS_X509_BADCERT_NS_CERT_TYPE |
MBEDTLS_X509_BADCERT_BAD_PK |
MBEDTLS_X509_BADCERT_BAD_KEY)) {
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret);
} else if (verify_result & MBEDTLS_X509_BADCERT_EXPIRED) {
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret);
} else if (verify_result & MBEDTLS_X509_BADCERT_REVOKED) {
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED, ret);
} else if (verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) {
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA, ret);
} else {
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN, ret);
}
}
#if defined(MBEDTLS_DEBUG_C)
if (verify_result != 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("! Certificate verification flags %08x",
(unsigned int) verify_result));
} else {
MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate verification flags clear"));
}
#endif /* MBEDTLS_DEBUG_C */
ssl->session_negotiate->verify_result = verify_result;
return ret;
} }
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL

10
programs/ssl/ssl_client2.c
View File

@ -2223,7 +2223,9 @@ usage:
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n", mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
(unsigned int) -ret); (unsigned int) -ret);
if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) {
mbedtls_printf( mbedtls_printf(
" Unable to verify the server's certificate. " " Unable to verify the server's certificate. "
"Either it is invalid,\n" "Either it is invalid,\n"
@ -2234,7 +2236,13 @@ usage:
"not using TLS 1.3.\n" "not using TLS 1.3.\n"
" For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`" " For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`"
"or other folder that has root certificates\n"); "or other folder that has root certificates\n");
flags = mbedtls_ssl_get_verify_result(&ssl);
char vrfy_buf[512];
x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
mbedtls_printf("%s\n", vrfy_buf);
} }
#endif
mbedtls_printf("\n"); mbedtls_printf("\n");
goto exit; goto exit;
} }

3
programs/ssl/ssl_server2.c
View File

@ -3513,7 +3513,8 @@ handshake:
(unsigned int) -ret); (unsigned int) -ret);
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE) {
char vrfy_buf[512]; char vrfy_buf[512];
flags = mbedtls_ssl_get_verify_result(&ssl); flags = mbedtls_ssl_get_verify_result(&ssl);

7
tests/Makefile
View File

@ -212,8 +212,7 @@ $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS)
clean: clean:
ifndef WINDOWS ifndef WINDOWS
rm -rf $(BINARIES) *.c *.datax rm -rf $(BINARIES) *.c *.datax
rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* src/test_keys.h src/test_certs.h rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed*
rm -f src/test_keys.h src/test_certs.h
rm -f include/test/instrument_record_status.h rm -f include/test/instrument_record_status.h
rm -f include/alt-extra/*/*_alt.h rm -f include/alt-extra/*/*_alt.h
rm -rf libtestdriver1 rm -rf libtestdriver1
@ -224,10 +223,8 @@ else
if exist *.datax del /Q /F *.datax if exist *.datax del /Q /F *.datax
if exist src/*.o del /Q /F src/*.o if exist src/*.o del /Q /F src/*.o
if exist src/drivers/*.o del /Q /F src/drivers/*.o if exist src/drivers/*.o del /Q /F src/drivers/*.o
if exist src/test_keys.h del /Q /F src/test_keys.h
if exist src/test_certs.h del /Q /F src/test_cers.h
if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o
if exist src/libmbed* del /Q /F src/libmed* if exist src/libmbed* del /Q /F src/libmbed*
if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h
endif endif

457
tests/ssl-opt.sh
View File

@ -2155,7 +2155,7 @@ run_test "TLS: password protected server key, two certificates" \
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "CA callback on client" \ run_test "CA callback on client" \
"$P_SRV debug_level=3" \ "$P_SRV debug_level=3" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 " \ "$P_CLI ca_callback=1 debug_level=3 " \
0 \ 0 \
-c "use CA callback for X.509 CRT verification" \ -c "use CA callback for X.509 CRT verification" \
-S "error" \ -S "error" \
@ -2165,7 +2165,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256 requires_hash_alg SHA_256
run_test "CA callback on server" \ run_test "CA callback on server" \
"$P_SRV force_version=tls12 auth_mode=required" \ "$P_SRV auth_mode=required" \
"$P_CLI ca_callback=1 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt \ "$P_CLI ca_callback=1 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt \
key_file=$DATA_FILES_PATH/server5.key" \ key_file=$DATA_FILES_PATH/server5.key" \
0 \ 0 \
@ -2722,9 +2722,10 @@ run_test "Single supported algorithm sending: openssl client" \
0 0
# Tests for certificate verification callback # Tests for certificate verification callback
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Configuration-specific CRT verification callback" \ run_test "Configuration-specific CRT verification callback" \
"$P_SRV debug_level=3" \ "$P_SRV debug_level=3" \
"$P_CLI force_version=tls12 context_crt_cb=0 debug_level=3" \ "$P_CLI context_crt_cb=0 debug_level=3" \
0 \ 0 \
-S "error" \ -S "error" \
-c "Verify requested for " \ -c "Verify requested for " \
@ -2732,9 +2733,10 @@ run_test "Configuration-specific CRT verification callback" \
-C "Use context-specific verification callback" \ -C "Use context-specific verification callback" \
-C "error" -C "error"
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Context-specific CRT verification callback" \ run_test "Context-specific CRT verification callback" \
"$P_SRV debug_level=3" \ "$P_SRV debug_level=3" \
"$P_CLI force_version=tls12 context_crt_cb=1 debug_level=3" \ "$P_CLI context_crt_cb=1 debug_level=3" \
0 \ 0 \
-S "error" \ -S "error" \
-c "Verify requested for " \ -c "Verify requested for " \
@ -5809,38 +5811,78 @@ run_test "DER format: with 9 trailing random bytes" \
# Tests for auth_mode, there are duplicated tests using ca callback for authentication # Tests for auth_mode, there are duplicated tests using ca callback for authentication
# When updating these tests, modify the matching authentication tests accordingly # When updating these tests, modify the matching authentication tests accordingly
# The next 4 cases test the 3 auth modes with a badly signed server cert.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: server badcert, client required" \ run_test "Authentication: server badcert, client required" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI debug_level=1 auth_mode=required" \ "$P_CLI debug_level=3 auth_mode=required" \
1 \ 1 \
-c "x509_verify_cert() returned" \ -c "x509_verify_cert() returned" \
-c "! The certificate is not correctly signed by the trusted CA" \ -c "! The certificate is not correctly signed by the trusted CA" \
-c "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \
-c "send alert level=2 message=48" \
-c "X509 - Certificate verification failed" -c "X509 - Certificate verification failed"
# MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
# We don't check that the server receives the alert because it might
# detect that its write end of the connection is closed and abort
# before reading the alert message.
run_test "Authentication: server badcert, client required (1.2)" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=required" \
1 \
-c "x509_verify_cert() returned" \
-c "! The certificate is not correctly signed by the trusted CA" \
-c "! mbedtls_ssl_handshake returned" \
-c "send alert level=2 message=48" \
-c "X509 - Certificate verification failed"
# MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
run_test "Authentication: server badcert, client optional" \ run_test "Authentication: server badcert, client optional" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_version=tls12 debug_level=1 auth_mode=optional" \ "$P_CLI force_version=tls13 debug_level=3 auth_mode=optional" \
0 \ 0 \
-c "x509_verify_cert() returned" \ -c "x509_verify_cert() returned" \
-c "! The certificate is not correctly signed by the trusted CA" \ -c "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \
-C "send alert level=2 message=48" \
-C "X509 - Certificate verification failed" -C "X509 - Certificate verification failed"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server badcert, client optional (1.2)" \
run_test "Authentication: server goodcert, client optional, no trusted CA" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
"$P_SRV" \ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional" \
0 \ 0 \
-c "x509_verify_cert() returned" \ -c "x509_verify_cert() returned" \
-c "! The certificate is not correctly signed by the trusted CA" \ -c "! The certificate is not correctly signed by the trusted CA" \
-c "! Certificate verification flags"\
-C "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed" \ -C "send alert level=2 message=48" \
-C "SSL - No CA Chain is set, but required to operate" -C "X509 - Certificate verification failed"
run_test "Authentication: server badcert, client none" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI debug_level=3 auth_mode=none" \
0 \
-C "x509_verify_cert() returned" \
-C "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "send alert level=2 message=48" \
-C "X509 - Certificate verification failed"
run_test "Authentication: server badcert, client none (1.2)" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=none" \
0 \
-C "x509_verify_cert() returned" \
-C "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "send alert level=2 message=48" \
-C "X509 - Certificate verification failed"
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: server goodcert, client required, no trusted CA" \ run_test "Authentication: server goodcert, client required, no trusted CA" \
@ -5853,6 +5895,65 @@ run_test "Authentication: server goodcert, client required, no trusted CA" \
-c "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \
-c "SSL - No CA Chain is set, but required to operate" -c "SSL - No CA Chain is set, but required to operate"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: server goodcert, client required, no trusted CA (1.2)" \
"$P_SRV force_version=tls12" \
"$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
1 \
-c "x509_verify_cert() returned" \
-c "! The certificate is not correctly signed by the trusted CA" \
-c "! Certificate verification flags"\
-c "! mbedtls_ssl_handshake returned" \
-c "SSL - No CA Chain is set, but required to operate"
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: server goodcert, client optional, no trusted CA" \
"$P_SRV" \
"$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
0 \
-c "x509_verify_cert() returned" \
-c "! The certificate is not correctly signed by the trusted CA" \
-c "! Certificate verification flags"\
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed" \
-C "SSL - No CA Chain is set, but required to operate"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: server goodcert, client optional, no trusted CA (1.2)" \
"$P_SRV" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
0 \
-c "x509_verify_cert() returned" \
-c "! The certificate is not correctly signed by the trusted CA" \
-c "! Certificate verification flags"\
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed" \
-C "SSL - No CA Chain is set, but required to operate"
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test "Authentication: server goodcert, client none, no trusted CA" \
"$P_SRV" \
"$P_CLI debug_level=3 auth_mode=none ca_file=none ca_path=none" \
0 \
-C "x509_verify_cert() returned" \
-C "! The certificate is not correctly signed by the trusted CA" \
-C "! Certificate verification flags"\
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed" \
-C "SSL - No CA Chain is set, but required to operate"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" \
"$P_SRV" \
"$P_CLI force_version=tls12 debug_level=3 auth_mode=none ca_file=none ca_path=none" \
0 \
-C "x509_verify_cert() returned" \
-C "! The certificate is not correctly signed by the trusted CA" \
-C "! Certificate verification flags"\
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed" \
-C "SSL - No CA Chain is set, but required to operate"
# The purpose of the next two tests is to test the client's behaviour when receiving a server # The purpose of the next two tests is to test the client's behaviour when receiving a server
# certificate with an unsupported elliptic curve. This should usually not happen because # certificate with an unsupported elliptic curve. This should usually not happen because
# the client informs the server about the supported curves - it does, though, in the # the client informs the server about the supported curves - it does, though, in the
@ -5878,16 +5979,6 @@ run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsuppo
-c "! Certificate verification flags"\ -c "! Certificate verification flags"\
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
run_test "Authentication: server badcert, client none" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_version=tls12 debug_level=1 auth_mode=none" \
0 \
-C "x509_verify_cert() returned" \
-C "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication: client SHA256, server required" \ run_test "Authentication: client SHA256, server required" \
"$P_SRV auth_mode=required" \ "$P_SRV auth_mode=required" \
@ -6098,7 +6189,7 @@ requires_full_size_output_buffer
run_test "Authentication: server max_int+1 chain, client optional" \ run_test "Authentication: server max_int+1 chain, client optional" \
"$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
"$P_CLI force_version=tls12 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ "$P_CLI server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
auth_mode=optional" \ auth_mode=optional" \
1 \ 1 \
-c "X509 - A fatal error occurred" -c "X509 - A fatal error occurred"
@ -6219,7 +6310,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client required" \ run_test "Authentication, CA callback: server badcert, client required" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \
1 \ 1 \
-c "use CA callback for X.509 CRT verification" \ -c "use CA callback for X.509 CRT verification" \
-c "x509_verify_cert() returned" \ -c "x509_verify_cert() returned" \
@ -6231,7 +6322,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client optional" \ run_test "Authentication, CA callback: server badcert, client optional" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \ key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \ "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \
0 \ 0 \
-c "use CA callback for X.509 CRT verification" \ -c "use CA callback for X.509 CRT verification" \
-c "x509_verify_cert() returned" \ -c "x509_verify_cert() returned" \
@ -6239,6 +6330,18 @@ run_test "Authentication, CA callback: server badcert, client optional" \
-C "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed" -C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client none" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \
"$P_CLI ca_callback=1 debug_level=3 auth_mode=none" \
0 \
-C "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned" \
-C "! The certificate is not correctly signed by the trusted CA" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
# The purpose of the next two tests is to test the client's behaviour when receiving a server # The purpose of the next two tests is to test the client's behaviour when receiving a server
# certificate with an unsupported elliptic curve. This should usually not happen because # certificate with an unsupported elliptic curve. This should usually not happen because
# the client informs the server about the supported curves - it does, though, in the # the client informs the server about the supported curves - it does, though, in the
@ -6270,7 +6373,7 @@ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA256, server required" \ run_test "Authentication, CA callback: client SHA384, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
key_file=$DATA_FILES_PATH/server6.key \ key_file=$DATA_FILES_PATH/server6.key \
@ -6282,7 +6385,7 @@ run_test "Authentication, CA callback: client SHA256, server required" \
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA384, server required" \ run_test "Authentication, CA callback: client SHA256, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
key_file=$DATA_FILES_PATH/server6.key \ key_file=$DATA_FILES_PATH/server6.key \
@ -6294,7 +6397,7 @@ run_test "Authentication, CA callback: client SHA384, server required" \
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server required" \ run_test "Authentication, CA callback: client badcert, server required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \ key_file=$DATA_FILES_PATH/server5.key" \
1 \ 1 \
@ -6309,7 +6412,6 @@ run_test "Authentication, CA callback: client badcert, server required" \
-s "! The certificate is not correctly signed by the trusted CA" \ -s "! The certificate is not correctly signed by the trusted CA" \
-s "! mbedtls_ssl_handshake returned" \ -s "! mbedtls_ssl_handshake returned" \
-s "send alert level=2 message=48" \ -s "send alert level=2 message=48" \
-c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed" -s "X509 - Certificate verification failed"
# We don't check that the client receives the alert because it might # We don't check that the client receives the alert because it might
# detect that its write end of the connection is closed and abort # detect that its write end of the connection is closed and abort
@ -6317,7 +6419,7 @@ run_test "Authentication, CA callback: client badcert, server required" \
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client cert not trusted, server required" \ run_test "Authentication, CA callback: client cert not trusted, server required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
key_file=$DATA_FILES_PATH/server5.key" \ key_file=$DATA_FILES_PATH/server5.key" \
1 \ 1 \
@ -6331,12 +6433,11 @@ run_test "Authentication, CA callback: client cert not trusted, server requir
-s "x509_verify_cert() returned" \ -s "x509_verify_cert() returned" \
-s "! The certificate is not correctly signed by the trusted CA" \ -s "! The certificate is not correctly signed by the trusted CA" \
-s "! mbedtls_ssl_handshake returned" \ -s "! mbedtls_ssl_handshake returned" \
-c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed" -s "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server optional" \ run_test "Authentication, CA callback: client badcert, server optional" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \ "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \ key_file=$DATA_FILES_PATH/server5.key" \
0 \ 0 \
@ -6359,7 +6460,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int chain, client default" \ run_test "Authentication, CA callback: server max_int chain, client default" \
"$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
"$P_CLI force_version=tls12 ca_callback=1 debug_level=3 server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
0 \ 0 \
-c "use CA callback for X.509 CRT verification" \ -c "use CA callback for X.509 CRT verification" \
-C "X509 - A fatal error occurred" -C "X509 - A fatal error occurred"
@ -6370,7 +6471,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client default" \ run_test "Authentication, CA callback: server max_int+1 chain, client default" \
"$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
"$P_CLI force_version=tls12 debug_level=3 ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \ "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
1 \ 1 \
-c "use CA callback for X.509 CRT verification" \ -c "use CA callback for X.509 CRT verification" \
-c "X509 - A fatal error occurred" -c "X509 - A fatal error occurred"
@ -6381,7 +6482,7 @@ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
"$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
"$P_CLI force_version=tls12 ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \ "$P_CLI ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
debug_level=3 auth_mode=optional" \ debug_level=3 auth_mode=optional" \
1 \ 1 \
-c "use CA callback for X.509 CRT verification" \ -c "use CA callback for X.509 CRT verification" \
@ -6391,7 +6492,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
1 \ 1 \
@ -6402,7 +6503,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server required" \ run_test "Authentication, CA callback: client max_int+1 chain, server required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \ key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
1 \ 1 \
@ -6413,7 +6514,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int chain, server required" \ run_test "Authentication, CA callback: client max_int chain, server required" \
"$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \ "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \ key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
0 \ 0 \
@ -6578,7 +6679,9 @@ run_test "SNI: CA override with CRL" \
-S "skip parse certificate verify" \ -S "skip parse certificate verify" \
-s "x509_verify_cert() returned" \ -s "x509_verify_cert() returned" \
-S "! The certificate is not correctly signed by the trusted CA" \ -S "! The certificate is not correctly signed by the trusted CA" \
-s "send alert level=2 message=44" \
-s "The certificate has been revoked (is on a CRL)" -s "The certificate has been revoked (is on a CRL)"
# MBEDTLS_X509_BADCERT_REVOKED -> MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED
# Tests for SNI and DTLS # Tests for SNI and DTLS
@ -6726,7 +6829,9 @@ run_test "SNI: DTLS, CA override with CRL" \
-S "skip parse certificate verify" \ -S "skip parse certificate verify" \
-s "x509_verify_cert() returned" \ -s "x509_verify_cert() returned" \
-S "! The certificate is not correctly signed by the trusted CA" \ -S "! The certificate is not correctly signed by the trusted CA" \
-s "send alert level=2 message=44" \
-s "The certificate has been revoked (is on a CRL)" -s "The certificate has been revoked (is on a CRL)"
# MBEDTLS_X509_BADCERT_REVOKED -> MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED
# Tests for non-blocking I/O: exercise a variety of handshake flows # Tests for non-blocking I/O: exercise a variety of handshake flows
@ -7640,22 +7745,26 @@ run_test "ALPN: both, no common" \
# Tests for keyUsage in leaf certificates, part 1: # Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection # server-side certificate/suite selection
#
# This is only about 1.2 (for 1.3, all key exchanges use signatures).
# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use
# signatures too, following the removal of RSA #8170 and static ECDH #9201.
run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \ run_test "keyUsage srv 1.2: RSA, digitalSignature -> (EC)DHE-RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \ crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI" \ "$P_CLI" \
0 \ 0 \
-c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-" -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \ run_test "keyUsage srv 1.2: RSA, keyEncipherment -> RSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \ crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI" \ "$P_CLI" \
0 \ 0 \
-c "Ciphersuite is TLS-RSA-WITH-" -c "Ciphersuite is TLS-RSA-WITH-"
run_test "keyUsage srv: RSA, keyAgreement -> fail" \ run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2.ku-ka.crt" \ crt_file=$DATA_FILES_PATH/server2.ku-ka.crt" \
"$P_CLI" \ "$P_CLI" \
@ -7663,7 +7772,7 @@ run_test "keyUsage srv: RSA, keyAgreement -> fail" \
-C "Ciphersuite is " -C "Ciphersuite is "
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \ run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ds.crt" \ crt_file=$DATA_FILES_PATH/server5.ku-ds.crt" \
"$P_CLI" \ "$P_CLI" \
@ -7671,14 +7780,14 @@ run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
-c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \ run_test "keyUsage srv 1.2: ECC, keyAgreement -> ECDH-" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI" \ "$P_CLI" \
0 \ 0 \
-c "Ciphersuite is TLS-ECDH-" -c "Ciphersuite is TLS-ECDH-"
run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \ run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \
"$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \ crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \
"$P_CLI" \ "$P_CLI" \
@ -7687,8 +7796,12 @@ run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
# Tests for keyUsage in leaf certificates, part 2: # Tests for keyUsage in leaf certificates, part 2:
# client-side checking of server cert # client-side checking of server cert
#
# TLS 1.3 uses only signature, but for 1.2 it depends on the key exchange.
# In 4.0 this will probably change as all TLS 1.2 key exchanges will use
# signatures too, following the removal of RSA #8170 and static ECDH #9201.
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \ run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \ "$P_CLI debug_level=1 \
@ -7698,7 +7811,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
-C "Processing of the Certificate handshake message failed" \ -C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" -c "Ciphersuite is TLS-"
run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \ -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
"$P_CLI debug_level=1 \ "$P_CLI debug_level=1 \
@ -7708,7 +7821,7 @@ run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
-C "Processing of the Certificate handshake message failed" \ -C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" -c "Ciphersuite is TLS-"
run_test "keyUsage cli: KeyEncipherment, RSA: OK" \ run_test "keyUsage cli 1.2: KeyEncipherment, RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=1 \ "$P_CLI debug_level=1 \
@ -7718,28 +7831,32 @@ run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
-C "Processing of the Certificate handshake message failed" \ -C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" -c "Ciphersuite is TLS-"
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (hard)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=1 \ "$P_CLI debug_level=3 \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1 \ 1 \
-c "bad certificate (usage extensions)" \ -c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \ -c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-" -C "Ciphersuite is TLS-" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ run_test "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (soft)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
"$P_CLI debug_level=1 auth_mode=optional \ "$P_CLI debug_level=3 auth_mode=optional \
force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
0 \ 0 \
-c "bad certificate (usage extensions)" \ -c "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \ -C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" \ -c "Ciphersuite is TLS-" \
-C "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension" -c "! Usage does not match the keyUsage extension"
run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ run_test "keyUsage cli 1.2: DigitalSignature, DHE-RSA: OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \ "$P_CLI debug_level=1 \
@ -7749,27 +7866,43 @@ run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
-C "Processing of the Certificate handshake message failed" \ -C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" -c "Ciphersuite is TLS-"
run_test "keyUsage cli: DigitalSignature, RSA: fail" \ run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (hard)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI debug_level=1 \ "$P_CLI debug_level=3 \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1 \ 1 \
-c "bad certificate (usage extensions)" \ -c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \ -c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-" -C "Ciphersuite is TLS-" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ run_test "keyUsage cli 1.2: DigitalSignature, RSA: fail (soft)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
"$P_CLI debug_level=1 auth_mode=optional \ "$P_CLI debug_level=3 auth_mode=optional \
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
0 \ 0 \
-c "bad certificate (usage extensions)" \ -c "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \ -C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" \ -c "Ciphersuite is TLS-" \
-C "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension" -c "! Usage does not match the keyUsage extension"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature, RSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \
"$P_CLI debug_level=3" \
0 \
-C "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -7785,26 +7918,32 @@ run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \ run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
"$P_CLI debug_level=1" \ "$P_CLI debug_level=3" \
1 \ 1 \
-c "bad certificate (usage extensions)" \ -c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \ -c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is" -C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \ run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \ -cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \
"$P_CLI debug_level=1" \ "$P_CLI debug_level=3" \
1 \ 1 \
-c "bad certificate (usage extensions)" \ -c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \ -c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is" -C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -7821,32 +7960,40 @@ run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \ run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ke.crt" \ -cert $DATA_FILES_PATH/server5.ku-ke.crt" \
"$P_CLI debug_level=1" \ "$P_CLI debug_level=3" \
1 \ 1 \
-c "bad certificate (usage extensions)" \ -c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \ -c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is" -C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \ run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \ -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
"$P_CLI debug_level=1" \ "$P_CLI debug_level=3" \
1 \ 1 \
-c "bad certificate (usage extensions)" \ -c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \ -c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is" -C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the keyUsage extension"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# Tests for keyUsage in leaf certificates, part 3: # Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert # server-side checking of client cert
#
# Here, both 1.2 and 1.3 only use signatures.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \ "$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds.crt" \ -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
@ -7856,25 +8003,40 @@ run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature+KeyEncipherment: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \ "$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
0 \ 0 \
-s "bad certificate (usage extensions)" \ -s "bad certificate (usage extensions)" \
-S "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \ "$P_SRV debug_level=3 force_version=tls12 auth_mode=required" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2.ku-ke.crt" \ -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
1 \ 1 \
-s "bad certificate (usage extensions)" \ -s "bad certificate (usage extensions)" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-s "Processing of the Certificate handshake message failed" -s "Processing of the Certificate handshake message failed"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ run_test "keyUsage cli-auth 1.2: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \ "$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ds.crt" \ -cert $DATA_FILES_PATH/server5.ku-ds.crt" \
@ -7884,14 +8046,28 @@ run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \ run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \ "$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \ -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
0 \ 0 \
-s "bad certificate (usage extensions)" \ -s "bad certificate (usage extensions)" \
-S "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (hard)" \
"$P_SRV debug_level=3 auth_mode=required" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-s "Processing of the Certificate handshake message failed"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -7907,14 +8083,43 @@ run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEncipherment: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
-cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \ -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
0 \ 0 \
-s "bad certificate (usage extensions)" \ -s "bad certificate (usage extensions)" \
-S "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server2.key \
crt_file=$DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-s "! mbedtls_ssl_handshake returned"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -7931,13 +8136,29 @@ requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \ run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.ku-ka.crt" \ -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
0 \ 0 \
-s "bad certificate (usage extensions)" \ -s "bad certificate (usage extensions)" \
-s "! Usage does not match the keyUsage extension" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the keyUsage extension" \
-s "! mbedtls_ssl_handshake returned"
# MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection # Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
@ -7971,7 +8192,7 @@ run_test "extKeyUsage srv: codeSign -> fail" \
# Tests for extendedKeyUsage, part 2: client-side checking of server cert # Tests for extendedKeyUsage, part 2: client-side checking of server cert
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth -> OK" \ run_test "extKeyUsage cli 1.2: serverAuth -> OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv.crt" \ -cert $DATA_FILES_PATH/server5.eku-srv.crt" \
"$P_CLI debug_level=1" \ "$P_CLI debug_level=1" \
@ -7981,7 +8202,7 @@ run_test "extKeyUsage cli: serverAuth -> OK" \
-c "Ciphersuite is TLS-" -c "Ciphersuite is TLS-"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ run_test "extKeyUsage cli 1.2: serverAuth,clientAuth -> OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
"$P_CLI debug_level=1" \ "$P_CLI debug_level=1" \
@ -7991,7 +8212,7 @@ run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
-c "Ciphersuite is TLS-" -c "Ciphersuite is TLS-"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ run_test "extKeyUsage cli 1.2: codeSign,anyEKU -> OK" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
"$P_CLI debug_level=1" \ "$P_CLI debug_level=1" \
@ -8001,14 +8222,30 @@ run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
-c "Ciphersuite is TLS-" -c "Ciphersuite is TLS-"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli: codeSign -> fail" \ run_test "extKeyUsage cli 1.2: codeSign -> fail (soft)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \ "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
"$P_CLI debug_level=1" \ "$P_CLI debug_level=3 auth_mode=optional" \
0 \
-c "bad certificate (usage extensions)" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is TLS-" \
-C "send alert level=2 message=43" \
-c "! Usage does not match the extendedKeyUsage extension"
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli 1.2: codeSign -> fail (hard)" \
"$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \
"$P_CLI debug_level=3" \
1 \ 1 \
-c "bad certificate (usage extensions)" \ -c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \ -c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-" -C "Ciphersuite is TLS-" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the extendedKeyUsage extension"
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -8049,19 +8286,22 @@ run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign -> fail" \ run_test "extKeyUsage cli 1.3: codeSign -> fail (hard)" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
"$P_CLI debug_level=1" \ "$P_CLI debug_level=3" \
1 \ 1 \
-c "bad certificate (usage extensions)" \ -c "bad certificate (usage extensions)" \
-c "Processing of the Certificate handshake message failed" \ -c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is" -C "Ciphersuite is" \
-c "send alert level=2 message=43" \
-c "! Usage does not match the extendedKeyUsage extension"
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# Tests for extendedKeyUsage, part 3: server-side checking of client cert # Tests for extendedKeyUsage, part 3: server-side checking of client cert
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: clientAuth -> OK" \ run_test "extKeyUsage cli-auth 1.2: clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \ "$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cli.crt" \ -cert $DATA_FILES_PATH/server5.eku-cli.crt" \
@ -8070,7 +8310,7 @@ run_test "extKeyUsage cli-auth: clientAuth -> OK" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ run_test "extKeyUsage cli-auth 1.2: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \ "$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \ -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
@ -8079,7 +8319,7 @@ run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ run_test "extKeyUsage cli-auth 1.2: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \ "$P_SRV debug_level=1 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \ -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
@ -8088,22 +8328,27 @@ run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \ "$P_SRV debug_level=3 auth_mode=optional" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
0 \ 0 \
-s "bad certificate (usage extensions)" \ -s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed" -S "send alert level=2 message=43" \
-s "! Usage does not match the extendedKeyUsage extension" \
-S "Processing of the Certificate handshake message failed" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (hard)" \
"$P_SRV debug_level=1 auth_mode=required" \ "$P_SRV debug_level=3 auth_mode=required" \
"$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \ "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
1 \ 1 \
-s "bad certificate (usage extensions)" \ -s "bad certificate (usage extensions)" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the extendedKeyUsage extension" \
-s "Processing of the Certificate handshake message failed" -s "Processing of the Certificate handshake message failed"
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
requires_openssl_tls1_3_with_compatible_ephemeral requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -8142,13 +8387,29 @@ requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \ run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \ "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
-cert $DATA_FILES_PATH/server5.eku-cs.crt" \ -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
0 \ 0 \
-s "bad certificate (usage extensions)" \ -s "bad certificate (usage extensions)" \
-S "send alert level=2 message=43" \
-s "! Usage does not match the extendedKeyUsage extension" \
-S "Processing of the Certificate handshake message failed" -S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (hard)" \
"$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
"$P_CLI key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.eku-cs.crt" \
1 \
-s "bad certificate (usage extensions)" \
-s "send alert level=2 message=43" \
-s "! Usage does not match the extendedKeyUsage extension" \
-s "Processing of the Certificate handshake message failed"
# MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
# Tests for DHM parameters loading # Tests for DHM parameters loading
run_test "DHM parameters: reference" \ run_test "DHM parameters: reference" \

20
tests/suites/test_suite_psa_crypto_util.data
View File

@ -6,6 +6,16 @@ ECDSA Raw -> DER, 256bit, DER buffer too small
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
# Check coordinates one byte larger than the largest supported curve.
# If we add an even larger curve, this test case will fail in the full
# configuration because mbedtls_ecdsa_raw_to_der() will return 0, and we'll
# need to use larger data for this test case.
ECDSA Raw -> DER, very large input (536-bit)
ecdsa_raw_to_der:536:"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818a024311111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024322222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
ECDSA Raw -> DER, very large input (1016-bit)
ecdsa_raw_to_der:1016:"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30820102027f11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111027f22222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
ECDSA Raw -> DER, 256bit, Null r ECDSA Raw -> DER, 256bit, Null r
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
@ -58,6 +68,16 @@ ECDSA DER -> Raw, 256bit, Raw buffer too small
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
# Check coordinates one byte larger than the largest supported curve.
# If we add an even larger curve, this test case will fail in the full
# configuration because mbedtls_ecdsa_der_to_raw() will return 0, and we'll
# need to use larger data for this test case.
ECDSA DER -> Raw, very large input (536-bit)
ecdsa_der_to_raw:536:"30818a024311111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024322222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
ECDSA DER -> Raw, very large input (1016-bit)
ecdsa_der_to_raw:1016:"30820102027f11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111027f22222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
ECDSA DER -> Raw, 256bit, Wrong sequence tag ECDSA DER -> Raw, 256bit, Wrong sequence tag
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_der_to_raw:256:"40440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ecdsa_der_to_raw:256:"40440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG

4
tests/suites/test_suite_version.data
View File

@ -1,8 +1,8 @@
Check compile time library version Check compile time library version
check_compiletime_version:"3.6.0" check_compiletime_version:"3.6.1"
Check runtime library version Check runtime library version
check_runtime_version:"3.6.0" check_runtime_version:"3.6.1"
Check for MBEDTLS_VERSION_C Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0 check_feature:"MBEDTLS_VERSION_C":0